Bug 280046 - net/netatalk3: 3.2.0 contains vulnerability
Summary: net/netatalk3: 3.2.0 contains vulnerability
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-06-29 10:37 UTC by Dutchman01
Modified: 2024-07-01 11:38 UTC (History)
3 users (show)

See Also:
fernape: maintainer-feedback? (marcus)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dutchman01 2024-06-29 10:37:08 UTC 
Upgrade to 3.2.1 is asap needed.

see: https://github.com/Netatalk/netatalk/releases/tag/netatalk-3-2-1

This release includes a patch for security vulnerabilities CVE-2024-38439, CVE-2024-38440, and CVE-2024-38441. Users of the 3.x release series are encouraged to update their servers to this version.

dutchman01
Comment 1 commit-hook freebsd_committer freebsd_triage 2024-06-30 17:51:23 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c999b147633b20e0f23315598c5c4e1d4452c201

commit c999b147633b20e0f23315598c5c4e1d4452c201
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2024-06-30 17:42:51 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-06-30 17:42:51 +0000

    security/vuxml: add net/netatalk3 vulnerabilities

     * CVE-2024-38439
     * CVE-2024-38440
     * CVE-2024-38441

     NVD assessments not yet provided.

    PR:             280046
    Reported by:    Dutchman01 <dutchman01@quicknet.nl>

 security/vuxml/vuln/2024.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
Comment 2 Joe Marcus Clarke freebsd_committer freebsd_triage 2024-07-01 11:38:43 UTC 
Netatalk has been updated to 3.2.1.